Australian Democracy is Protected by New Cyber Security Service

Microsoft has opened up its new Defending Democracy Program to Australian entities in the security and political arena to help protect against cyber attacks.  

With the threats of cyber attacks during global elections, it’s a good time to think about how important democracy is to all Australians as well as taking stock of how good the security is when it comes to democratic rights and institutions. In 2018 in the United States, Microsoft launched AccountGuard, a special security service designed to offer additional critical cyber protection to users operating in a political sphere. This service is a key component in their initiative Defending Democracy.

AccountGuard Available to Australian Organisations and Individuals

In March 2019, Microsoft announced that its AccountGuard service was available to eligible individuals and organisations in Australia. In recent times, forces disruptive to democracy have used technology to game political systems. In February, Australians were reminded of this new threat to Australian institutions when the Australian Government revealed that a well-thought-out cyber attack had been launched against the people and systems in Parliament House. It was revealed further that the cyber attack was also directed at major political parties in the Australian Government by the same malicious entity.

Defending Democracy Initiative

Microsoft has developed AccountGuard as a part of a broader response under the Defending Democracy Initiative, a program to defend against growing threats of foreign interference in the country’s democratic processes in Australia and around the world. After the well-publicised allegations of foreign-sponsored interference in the United States 2016 Presidential elections, multiple additional reports have presented other attempts by nations, individuals and entities to damage, attack, and undermine the critical democratic infrastructure and institutions.

The Australian Government has responded by offering the AccountGuard service at no cost to political parties and candidates who use Microsoft Office 365. AccountGuard provides notifications about cyber threats, including attacks by known foreign nations, across the email systems used by eligible organisations and the personal accounts of those organisations’ staff and leaders.

Microsoft AccountGuard is now available to all political candidates, campaign offices, and parties which operate on a state or national level. It is also being made available for eligible Think Tanks and other associated entities. If you or your organisation is eligible to install Microsoft AccountGuard, you can go to https://www.microsoft.com/accountguard to ask for an invitation to learn more or enroll. Australia now joins the United States, India, Canada, Ireland, the United Kingdom, and 12 more European countries in having access to this security service.

From Microsoft, “while AccountGuard does not replace existing security solutions and best practice, it is a useful tool in political parties’ kitbags to protect them and their candidates from unwanted interference.”

From Microsoft’s Website

Microsoft AccountGuard is a new security service offered at no additional cost to customers in the political space. The service is designed to help these highly targeted customers protect themselves from cybersecurity threats.

Specifically, the service provides:

  • Best practices and security guidance specific to those in the political space.
  • Access to cybersecurity webinars and workshops.
  • Notification in the event of a verifiable threat or compromise by a known nation-state actor against the participant’s O365 account.
  • Notification to both the organisation and, where possible, the impacted individual if a registered Hotmail.com or Outlook.com account associated with the organisation is verifiably threatened or compromised by a known nation-state actor.
  • Recommendations to the participating organisation for remediation, if a compromise is confirmed.
  • A direct line to Microsoft’s Defending Democracy Program team.

Australian Businesses Closed Due to Phishing Freight Scam

Several Australian businesses have become the targets of a phishing freight scam losing an average of $30,000 to $100,000.  

Phishing is on the rise as a method of online criminal activity focused on businesses. Victims are being scammed out of tens of thousands of dollars via this email phishing scheme. Right now, scammers are directing their fraudulent activity at IT and electrical businesses. Several Australian companies have shut down after falling victim to a freight forwarding email scam, according to the Australian Cyber Security Centre (ACSC). These victims are losing an average of $30,000 to $100,000 after sending their products to scammers who request delayed-payment credit terms.

How Does The Freight Scam Work?

The scammers trick victims into participating by spoofing the email addresses, domains and signatures of executives of large Australian companies and universities to legitimise their communications. For example, they send their email from lendleases.com.au instead of the genuine domain lendlease.com.au. One of the fraudulent emails that the ACSC released is supposedly from a Chief Procurement Officer at the University of Sydney.

On each purchase order, the scammers request laptops, hard drives, cosmetics, defibrillators and environmental monitoring equipment, all items that can be easily resold. The targets are asked to ship the orders to a freight forwarding company, which in turn sends them on to another fraudulent entity that acts as a middleman. The freight forwarding company then becomes a second victim when its bill is paid using stolen credit cards or an established credit line.

How are Fraudulent Orders Identified?

In this case, the scammers are requesting shipments to many locations including Singapore, Dubai, Dagenham, Kuala Lumpur, Malaysia and Deira according to the ACSC. Businesses should never automatically trust any unsolicited order of goods with credit without further investigation. However, it’s possible for these orders to slip through the cracks if you don’t have a strict policy for your approval process on every transaction. The ACSC requests that all organisations should do due diligence on any new customers or unusual orders, and investigate any customer before granting credit. They also suggest that businesses should check the domain of websites and emails that are referenced on a purchase order. A good follow up is to contact customers by phone to confirm that they are a legitimate company, and have placed the recent order. Lastly, it’s important to verify the shipping address over the phone.
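The domain check recommended above can be automated for incoming purchase orders. The following is an added example, not code from the ACSC or the original article: it compares a sender's domain against a list of customers you already trade with and flags near-misses such as the lendleases.com.au address mentioned earlier. The function names, the `acme-electrical.example` entry and the sample addresses are constructed for illustration.

```python
# Added example: flag purchase-order senders whose domain imitates a known customer.
# KNOWN_DOMAINS would come from your own customer records; the second entry
# is a constructed placeholder.
KNOWN_DOMAINS = {"lendlease.com.au", "acme-electrical.example"}


def edit_distance(a, b):
    """Levenshtein distance: minimum inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        curr = [i]
        for j, cb in enumerate(b, start=1):
            curr.append(min(
                prev[j] + 1,               # delete a character from a
                curr[j - 1] + 1,           # insert a character into a
                prev[j - 1] + (ca != cb),  # substitute (free if equal)
            ))
        prev = curr
    return prev[-1]


def sender_domain(address):
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")


def classify_sender(address, known=KNOWN_DOMAINS, max_distance=2):
    """Return (verdict, matched_domain).

    verdict is 'known' for an exact match or a subdomain of a known domain,
    'lookalike' for a domain that imitates a known one, and 'unknown'
    otherwise. Both 'lookalike' and 'unknown' senders still need the phone
    verification described in the article before credit is granted.
    """
    domain = sender_domain(address)
    for k in known:
        if domain == k or domain.endswith("." + k):
            return ("known", k)
    # A trusted name used as a prefix of an unrelated domain,
    # e.g. lendlease.com.au.orders.example
    for k in known:
        if domain.startswith(k + ".") or ("." + k + ".") in domain:
            return ("lookalike", k)
    # Small typos: one or two characters added, dropped or swapped.
    closest = min(known, key=lambda k: edit_distance(domain, k))
    if edit_distance(domain, closest) <= max_distance:
        return ("lookalike", closest)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample senders.
    for sender in (
        "accounts@lendlease.com.au",
        "procurement@lendleases.com.au",
        "buyer@lendlease.com.au.orders.example",
        "sales@unrelated-shop.example",
    ):
        print(sender, "->", classify_sender(sender))
```

A "known" verdict only means the domain matches your records; a spoofed From header can still carry a genuine domain, so the phone confirmation of the order and shipping address remains necessary.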

What is Phishing?

Phishing is one of the most commonly-used cyber attacks in Australia. Statistics from the Office of the Australian Information Commissioner show that phishing accounts for 39 percent of all breaches reported. Therefore, it’s important to be aware of how to protect yourself at home and at work from phishing.

How Does Phishing Work?

The victim receives an email that is simple in format and generally personalised and potentially from a known sender. It may look like an official email from a known organisation or company, and it invites the victim to click on an embedded link. Wording varies, but it may say, “click to learn more” or “click to see the image.” After clicking, the victim is redirected to a web page and asked to enter their user name and password or for other personal information. Once the personal information is filled in the attacker then sends emails to everyone in the victim’s address book and the cycle repeats.

What are the Dangers?

While having spam email issued from your own email account is annoying and a problem, the larger issue is that the victim has given the attacker their user name and password. With an email and password, the attacker can easily hack into anything the victim uses that email and password for. Most people repeat email and password data for multiple accounts. In the world of cloud storage, this can be several accounts including email, CRM, file storage, banking, and proprietary applications.

NSW Police Shut Down Telecom Scam Preying on the Elderly

Australian police ended a telecom scam in NSW closing the door on millions of dollars in theft. 

The New South Wales Police has shut down a Sydney-based syndicate with members who posed as telecom technicians and persuaded victims to enable remote access on their home or business computers in order to “fix” a security flaw in their internet. NSW authorities arrested the alleged leader of the syndicate, a 25-year-old man originally from South Wentworthville, and closed the operation after receiving intelligence from the Fintel Alliance run by Australian Transaction Reports and Analysis Centre (AUSTRAC) which has the big four banks as members. The Fintel Alliance reported that it was able to provide the NSW Police Department with financial intelligence about an elderly customer who had $20,000 stolen from his bank account.

Banking Scam Syndicate

The syndicate “used a variety of methods to gain access to the financial accounts of victims and transferred the funds into accounts controlled by them” according to the NSW Police.

“The most common method involved members of the syndicate cold calling victims and asserting to be technicians from their telecommunication company,” AUSTRAC said in a statement. “The syndicate convinced the victim there was a security flaw in their internet access and the victim allowed the syndicate to control their computer via remote access.”

National Australia Bank Security Assisted NSW Police

National Australia Bank had a role in this particular case. “We work hard to protect our customers, and by working closely together on issues like this we are able to deliver better outcomes for customers and the broader community” NAB enterprise security officer David Fairman said. “The threat landscape is constantly evolving and we continue to invest in both detection and prevention to protect our customers.”

After the arrest and the dismantling of the syndicate, NSW Police renewed calls to avoid providing any banking information to someone over the telephone unless you’ve taken steps to verify the identity of the person calling and making the request.

“Additionally, government agencies and most telephone and internet providers will not request you make payment via iTunes or Google Play or similar gift cards,” NSW police said.

Who is the Fintel Alliance?

The Fintel Alliance is a public-private partnership, launched in 2017, that brings together a wide range of organisations that are involved in the fight against terrorism financing, money laundering and other serious crimes. Remote-access scams like the one recently shut down are used to steal millions of dollars from Australians. In May 2019, the Australian Cyber Security Centre reported that someone impersonating Australian Government cyber security personnel was trying to persuade individuals into revealing bank information and compromising their computers.

How to Protect Your Business from SHTML Phishing

Protecting Your Data from SHTML Phishing

Data security is vital to any business. Learn how SHTML phishing works and how to minimize the risk of your data falling into the hands of attackers.

Email phishing has been in the playbook of hackers since, well, email. What’s alarming is the scope in which criminals can conduct these attacks, the amount of data potentially at risk, and how vulnerable many businesses are to phishing attempts. Here’s what you need to know to spot the hook and protect your data from being reeled in.

How Does Email Phishing Work?

A phishing email typically contains an attachment in the form of a server-parsed HTML (SHTML) file. When opened, these shady files redirect the user to a malicious website often disguised as a legitimate product or service provider. The website then requests sensitive information such as the user’s address, date of birth, social security number, bank account number, etc. in exchange for providing said product or service.

Users who comply end up giving their information to a criminal who may then sell it to various illegal organizations. Victims may end up losing money and having their identity connected to criminal activity. The attackers may even offer to sell the information back to the owner for a hefty ransom. For businesses, the damages can be irreparable. Phishing is often the launchpad for large-scale cyber attacks, and businesses that fall victim can lose not only cash and assets, but the trust of current and would-be customers.

Who Does SHTML Phishing Target?

While many individuals fall victim to phishing, the main targets are businesses in the banking and finance sector. The sender may use a seemingly legitimate email address, often posing as a trusted, reputable organization. They may goad users to open attachments by claiming to be the IRS, a wealthy businessman offering a lucrative deal, or, ironically, a security provider offering to scan the user’s computer for vulnerabilities. While many phishing attempts are obvious, some can be convincing, and all it takes is a hasty click to give the phisher what they want.

Types of SHTML Phishing

Depending on the attacker, a phishing attempt can range from simple and generic to detailed and personalized to fit the target. For businesses that conduct large quantities of transactions, a phisher may send a simple email claiming to provide a receipt for their purchase. Others may send invoices. Sophisticated attackers may gather information about the business including its suppliers, partners, and even names of individual employees. They may then create fake accounts disguised as these trusted entities, fooling the target into giving away sensitive data. While most phishing attempts fail, a convincing premise combined with a busy, distracted user can equal success – and disaster.

Potential Signs of SHTML Phishing

Being proactive and training your employees to spot phishing is the best line of defense. Here are some potential red flags that may, but not always, indicate that an email is a phishing attack:

  • Poor spelling and grammar
  • Strange characters and punctuation
  • Email addresses comprised of a seemingly random combination of letters and numbers
  • Emails claiming to offer large sums of money
  • Emails claiming that you owe a large sum of money
  • Emails claiming that your data is at risk and offering protection
  • An overly lengthy or short email body
  • Attachments with file types you don’t recognize

How to Protect Your Business from SHTML Phishing

While there’s no way to guarantee that your business will be 100% safe from phishing attacks, you can take precautions to greatly minimize your risk of becoming a victim. Many email clients have rules that automatically filter out suspicious or spam emails. Savvy IT professionals can create additional rules to identify and block phishing emails.
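One form such an additional rule can take, shown as an added example that is not from the original article or any particular mail product: it parses a raw message, picks out HTML-family attachments (including `.shtml`), and checks them for the redirect and credential-form markers described earlier. The function names, pattern list and sample message are assumptions constructed for illustration.

```python
# Added example: triage HTML/SHTML attachments in a raw email message.
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXTENSIONS = (".shtml", ".shtm", ".html", ".htm")

# Markers of an attachment that forwards the reader elsewhere or asks for
# credentials. Heuristic and illustrative, not an exhaustive list.
PATTERNS = {
    "meta-refresh": re.compile(r'<meta[^>]+http-equiv\s*=\s*["\']?refresh', re.I),
    "script-redirect": re.compile(r'(window|document|top|self)\.location', re.I),
    "password-field": re.compile(r'<input[^>]+type\s*=\s*["\']?password', re.I),
}


def triage_message(raw):
    """Return one finding per risky attachment in a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(RISKY_EXTENSIONS):
            continue
        # decode=True undoes base64/quoted-printable; None for multipart parts.
        data = part.get_payload(decode=True) or b""
        text = data.decode("utf-8", errors="replace")
        reasons = [label for label, rx in PATTERNS.items() if rx.search(text)]
        findings.append({
            "filename": name,
            "reasons": reasons,
            # Markup attachments are unusual in business mail, so even a
            # clean one is held for a human to look at.
            "action": "quarantine" if reasons else "review",
        })
    return findings


def build_sample(filename, content):
    """Build a constructed test message with one attachment."""
    msg = EmailMessage()
    msg["From"] = "billing@invoices.example"
    msg["To"] = "accounts@company.example"
    msg["Subject"] = "Receipt for your purchase"
    msg.set_content("Please see the attached receipt.")
    msg.add_attachment(content.encode("utf-8"), maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


# Constructed attachment body: an immediate redirect to a placeholder host.
SAMPLE_REDIRECT = (
    '<html><head><meta http-equiv="refresh" '
    'content="0; url=https://portal.example/verify"></head></html>'
)

if __name__ == "__main__":
    print(triage_message(build_sample("Receipt.SHTML", SAMPLE_REDIRECT)))
    print(triage_message(build_sample("notes.shtml", "<p>Meeting notes</p>")))
    print(triage_message(build_sample("invoice.pdf", "%PDF-1.4")))
```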

The greatest defense is training every employee to recognize the red flags, especially the not-so-obvious ones. Make basic data security a part of the onboarding process, and hold presentations and seminars several times a year to keep employees aware and bring to light any new threats they should look for.

Data security is more relevant than ever, and businesses need to stay up to date on the latest cybersecurity threats. Is your business taking the necessary precautions to keep phishers away?

2019 Cybersecurity Trends: Preparation for a Cyberattack

How familiar are you with all of the types of cyber attacks your company can become a victim of? 

The list of companies who have faced a cyber attack recently is long and growing longer. Equifax, British Airways, Cathay Pacific to name just a few. In 2018 alone, the Ponemon Institute measured the costs of these data breaches at $3.86 million per incident globally. Recently, a cybersecurity trends discussion for 2019 with Check Point stated that it would be another year of hard-hitting cybersecurity attacks and breaches.

Security companies such as Check Point, a multinational provider of combined hardware and software security products based in Israel, are searching for new ways to better secure IT. Its global chief of threat detection, Orli Gan, states that the solution will come from manufacturers, law enforcement and government, not from companies like Check Point. The cybersecurity company predicts that every company will become a victim of a cyber attack in 2019.

Gan stated to Verdict: “You can just choose whatever name you want, any company in the world and they either were, or are, or will be hit by a cyber attack.”

Fastest Growing Crime is Cyber Crime

When comparing cybercrime in 2019 to the popular heist film series Ocean’s 11, Gan stated that cybercrime is a far more lucrative and less risky way to make money than a heist. Cyber attacks come in two formats:

  • Attacks that are to make money
  • Attacks to make a point (hacktivism)

When the cyber attacks are instigated by nation-states, they are morally ambiguous. It’s hard to know who is the good guy or bad guy.

Cyber Attacks by Nation-States

  • September 2018 – Check Point discovered an Iranian state-sponsored mobile surveillance operation against Iran’s own citizens called “Domestic Kitten.” Iran claimed that the attack was begun in 2016 and was using decoy content to get people to download mobile apps with embedded spyware. Those apps then collected sensitive information about targeted citizens including Kurdish, Turkish and ISIS supporters.
  • Lazarus, North Korean cyber hackers, are also politically motivated. In September 2018, a report showed that its worldwide attacks on U.S. and South Korean websites including Sony looked to be funded by the Kim Jong-Un regime.
  • 2016 Election hacking in the U.S. from Russia caused concerns for democracy in several countries.
  • In October 2018, the UK government reported that Russian military intelligence was the actor behind a string of cyberattacks.

As a result, cybercrime experts advised to strengthen cybersecurity capabilities instead of using political sanctions. Despite warnings, it looks as if Russia will attempt cyberattacks in 2019 and 2020 elections.

Cryptomining Overtaking Ransomware

Routine, day-to-day cyber attacks are designed to earn money for the cyber criminals. Cryptomining is now used for this more often than ransomware, which was bigger in 2017. One virus, the WannaCry ransomware, infected computers in businesses, hospitals and schools in 150 countries.

“We see a quite steady decline in 2018 in the use of ransomware. It’s definitely not gone but it’s slightly more targeted these days towards companies that are more likely to pay significant amounts of money for the data they stand to lose,” Gan reported.

Instead, cryptomining is on the rise into 2019. This malware allows cyber criminals to hijack the victim’s central processing unit (CPU) to mine cryptocurrency, using as much as 65 percent of the CPU’s power. This type of attack was the leading attack in 2018, with 42 percent of global organisations hit between January and September, over double the 20.5 percent hit in the second half of 2017. In contrast to a ransomware attack, cryptomining is a stealth crime from the victim’s perspective. Criminals prefer it to ransomware because it’s easy to begin, hard to trace, and has long-term earning potential.

Crypto Currency Monero

The top three most common malwares seen in 2018 were crypto miners mining the Monero currency, says Check Point. Monero is preferred over Bitcoin because unlike the more well-known cryptocurrency, Monero is effectively untraceable and can use typical computer hardware very effectively for mining, while Bitcoin requires custom-made and optimised chips.

The cryptocurrency Monero has privacy features that cloak its transactions. When someone sends you Monero, you can’t tell who sent it. If you send Monero, the recipient will not know who it is from. Bitcoin is not truly anonymous, so people can search for and trace every Bitcoin block, transaction and address.

Phishing in 2019

Phishing, one of the most common online fraud tactics, can easily capture private information including credit card details, usernames, and passwords through email. In the third quarter of 2018, RSA detected 38,196 fraud attacks worldwide including phishing scams. Even with an awareness of phishing, many people still fall for these fraudulent attempts to obtain personal information. These crimes increase during the holiday season when many people are online shopping, especially Black Friday (Friday after American Thanksgiving) and Cyber Monday (Monday after American Thanksgiving). Without malware attachments to detect, these phishing emails often slip through other cyber defences. In fact, cyber security company Agari found that 54 percent of email phishing attacks use a well-known brand’s name to deceive recipients including Amazon, Microsoft, and Bank of America.

How Can an Organisation Protect Itself?

If you own or work for a company looking to protect itself, there isn’t a single approach that will guarantee success.

“You have to understand the complexity of the problem, you have to address the different angles in different capacities, and you always have to have multiple advisories and engines that combined can give you that accuracy that you require from a product that you’re actually going to use. Accuracy is number one in order to be practical because when you’re not, the reality is that people in the organisation will start getting angry – ‘I needed that email but it was blocked by your security system,’” according to Gan.

Can We Win the War Against Cyber Crime?

With the rapid development of technology, that question is difficult to answer. Check Point is skeptical that cyber security can eradicate cyber crime. Gan states that the solution should be a three-part defence that involves government regulation, law enforcement, and manufacturers. We must regulate manufacturers of electronic devices to require them to use operators that comply with security requirements. And law enforcement has to hunt down and punish cyber criminals.

myGov Outage Upsets Tax Return System Causing Mayhem

If you’ve experienced difficulties with the Australian Government’s myGov website, you aren’t alone. The myGov portal — the online system that Australians use to access their employer payment summaries for tax purposes and to access Medicare and Centrelink services — was down on Friday morning, July 12th. Later, a tweet went out announcing services had been restored, but there might be further issues logging in as the system booted back up.

However, while Tax Office services through myGov were affected, the ATO stated that tax returns were still being processed and paid as usual. ABC News reported that the issue with myGov was “a technical issue with a communications switch,” unrelated to the Telstra outage. A spokeswoman for the ATO said that they were working to restore services as rapidly as possible and the shutdown would not have any impact on people who had already lodged their tax returns. In fact, the ATO had already processed more than one million tax returns with a value of $882 million paid into accounts that morning. In addition, 110,000 tax refunds worth $292 million would be paid to recipients that same afternoon amounting to a total of 500,000 refunds worth $1.2 billion into people’s bank accounts.

Another spokesman for the Minister for Government Services, Stuart Robert, also issued a statement that the system was down, causing problems with access and speed with myGov. Apologies were also issued.

Extended Reporting Deadline for Welfare Payments

The shutdown also caused problems for people who needed to report for welfare payments. One recipient stated the fear that all recipients might have. He was worried that he would be penalised for not reporting his job search efforts on time due to the myGov outage, causing a docked payment. This man, a 55-year-old living on the central coast of NSW, had been searching for a new job since January, but currently was relying on Newstart. When he called his employment services provider, they told him they didn’t control myGov, so he was out of luck. After that, he was worried that Centrelink would impose a penalty because he couldn’t log in. That assumption turned out to be false according to a statement from a Department of Human Services spokeswoman. She further related that “all services are now available, however a small amount of people may still experience intermittent issues logging in as we return to full capacity.”

An investigation is already underway to determine the cause of the shutdown, but it wasn’t due to a cyber attack. She also confirmed that all regular payments were disbursed overnight, and apologised for any inconvenience the outage caused for users. The deadline for reporting employment income was extended until 7:30 pm AEST, and it was suggested that only people with urgent business use the site until it was fully restored.

One user, Jeffrey, who lives on the south coast of NSW, complained that his pension payment didn’t appear in his bank account as stated. It normally appears every second Friday morning according to ABC News. He tried to call Centrelink, but wasn’t able to connect. He was worried about being late on his rent payment.

Telstra Apologises for Expensive Retail Outage

Telstra offered an apology to customers after a national outage Thursday, July 11, in the afternoon which was caused by an unusually large volume of traffic across the network in New South Wales.

The outage took place from about 2:30 pm through late evening, and shut down electronic payments at several retailers including Caltex and Woolworths, and some banking services. In an interview with ABC News, Dominique Lamb from the National Retail Association said,

“Given both the time of day and the businesses affected, the Telstra outage certainly caused a large degree of inconvenience for both shoppers and retailers yesterday. As some shoppers would have paid with cash instead or simply delayed the purchase of essential items, such as groceries, it is still a little difficult to ascertain the exact cost to retail sales at this early stage. The amount in lost sales could be as high as $100 million for the day, however, hopefully much of it will be recouped by customers simply doing shopping today and tomorrow rather than yesterday.”

Telstra said it would consider compensating businesses, and that their account executives are discussing the impact on revenues with their customers. The Telecommunications Industry Ombudsman (TIO) urged customers to contact Telstra first, but contact the TIO if their issues were unresolved.

Cyber Attacks Ruled Out by Telstra

The ATO and Telstra have faced several outages and technical issues disrupting service to customers in recent years. Twitter also had a worldwide shutdown on Thursday, July 11, which affected their stock price. It’s unknown whether the Twitter outage was caused by Telstra. Telstra did rule out a cyber attack as a cause of their outage. It did affect Telstra’s IP services including EFTPOS, ATM and other payment platforms.

One Problem with Going Cashless

Telstra’s outage did bring to light potential issues for Australians relying on a cashless society. During the shutdown, consumers couldn’t make electronic purchases, and also couldn’t withdraw cash from ATMs.

In November 2018, Reserve Bank of Australia Governor Philip Lowe stated that cash will become a niche payment sooner than people may think. The RBA reported that Australians make an average of 500 electronic payments per year. Although cash use has declined, the value of banknotes on issue has increased relative to the size of the economy. In November 2016, a survey of consumer payments covering 1500 people found that although the share of payments made in cash continued to fall, cash was still used for more than 1/3 of consumer payments. Cash was primarily used in transactions less than $10, and older people were more likely to hold more cash.

How to Know When to Outsource IT

Nearly every company must now rely on technology on a daily basis. For most companies, the role of technology will only grow in the future, making it even more important for all companies to have the tech support they need at all times. Depending on the situation, companies may hire employees to handle IT in-house, or they may outsource IT to a third-party provider.

The information below will help you determine whether it is time for your business to consider IT outsourcing.

Benefits of Outsourcing IT

Before you can decide whether outsourcing is right for you, you must first understand the reasons you might choose this path. Below are some of the potential benefits of outsourcing IT:

  • Fewer headaches – When you outsource IT, you no longer have to worry about maintenance, upgrades, repairs or any other technological problems.
  • Fewer expenses – Outsourcing IT is cost-effective, as you won’t have to pay for full-time employees to handle IT.
  • Scalability – Outsourced IT services can be scaled up or down to meet your needs as your company evolves.
  • No interruptions – When IT is outsourced, you won’t need to deal with downtime or other workflow interruptions related to IT issues.
  • Better use of in-house resources – Many businesses delegate IT responsibilities to existing employees when they can’t afford to hire full time IT personnel. With outsourcing, you will no longer need to split your employees’ focus in this way.

Downsides of Outsourcing

Although outsourcing IT offers several benefits, there are downsides as well. For example, you won’t have as much control over your operations as you would have if you kept IT in-house. In addition, if your provider is in a different time zone or has a heavy workload, communication can be problematic. Finally, if your business is small, outsourcing may be too expensive.

Should You Outsource?

Deciding whether to outsource IT to a third-party provider can be a challenge for any company, and there are many factors to consider. If you aren’t sure whether outsourcing IT is right for your company, simply compare your options and weigh the pros and cons. Remember to evaluate the potential for cost savings, as well as the impact on your day-to-day operations. It’s also a good idea to learn about the services available to you so you will know what you should expect if you choose to outsource.

If you decide to proceed with outsourcing, it is important to consider multiple providers before making a selection. Choosing the right IT provider can make all the difference in the success of your company. Remember that the cost of outsourced services is not the most important factor. Making sure that you are receiving reliable, high-quality services is essential. Interview each of the providers you are considering and ask them about the services they provide, the fees they charge and the customer support they offer. You should also read reviews from past customers to find out how others have felt about the services they received from the provider in question.

Microsoft Defender ATP Security for Macs


Microsoft Defender ATP (Advanced Threat Protection) is a program that detects ongoing attacks on corporate networks, blocks any that are malicious, and then provides response recommendations to improve security. Microsoft has made good on a pledge made in March 2019 by announcing that its sophisticated endpoint security service is available for Mac users.


Microsoft Defender ATP for Mac has been moved to what the company calls “general availability” as of June 28, according to Helen Allas, the principal program manager for the enterprise security team. In a July 8 post to a company blog, Allas reported that “with Microsoft Defender ATP for Mac general availability, all Microsoft Defender ATP customers now have an opportunity to start benefiting from integrated experiences across their Windows and macOS clients in Microsoft Defender Security Center.” The core components of Microsoft Defender ATP, which include the latest “Threat & Vulnerability Management,” serve Macs as well as PCs.

Microsoft Defender ATP for Mac supports the three latest released versions of macOS: Mojave, High Sierra, and Sierra. Customers can use Microsoft Intune and Jamf to deploy and manage Microsoft Defender ATP for Mac. Just like with Microsoft Office applications on macOS, Microsoft Auto Update is used to manage Microsoft Defender ATP for Mac updates.

There’s still more implementation to come

With this announcement came the news that this update doesn’t allow for complete integration of Microsoft Defender ATP for Macs quite yet. There are also some quirks that haven’t been ironed out for Mac users. In the “Known Issues” section of the online documentation, Microsoft has written “full Microsoft Defender ATP integration is not available yet.” And there is no date listed for when the entire program will be available for integration for Mac users.

Defense against malicious attacks

Microsoft Defender ATP is a very useful tool as it detects ongoing cyberattacks on corporate networks, blocks whatever it recognises as malicious, and then follows up to investigate and discover information about the attack and/or security breach, after which it provides response recommendations and cyberattack remediation.

How to add Microsoft Defender ATP

This defense service is a component within the highest-level Windows 10 licenses, including those provided by a subscription service such as Windows 10 Enterprise E5 or Microsoft 365 E5. In fact, Microsoft claims that ATP is the differentiator between these high-level services and lower-tier bundles. You can also add ATP as an add-on service to Microsoft 365 E3 for an extra $12 per month.

If you want to add Macs to the Windows PCs already reporting and covered by Microsoft Defender ATP, users are required to license Microsoft 365 E5, Windows 10 Enterprise E5 or Windows 10 Education E5 (Microsoft 365 E5 includes Windows 10 Enterprise E5). Any Macs using Defender ATP are required to be running one of the three newest editions of macOS: 2018 Mojave, 2017 High Sierra, or 2016 Sierra. After September’s release of 2019 Catalina, it’s likely that Microsoft will drop the oldest, 2016 Sierra, because Apple will no longer support that OS with regular security updates.

Microsoft has published instructions on how to deploy Microsoft Defender ATP to Macs. In those instructions, users are warned that they will need “beginner-level experience in macOS and BASH scripting” as well as admin privileges to the device or devices in case there are issues and you need to fall back on manual deployment to install. Admins can deploy the security service to Macs using any of these platforms: Microsoft Intune, JAMF, or other MDM (mobile device management) platforms.

Instructions on how to configure Defender ATP for Mac are posted here.

Customers can register for a free trial of Defender ATP online.

What Are the Top Tips for Choosing the Best IT Company?


Website outages, cybersecurity attacks, and any number of other IT incidents can cost your company hundreds or even thousands of dollars — every minute. For this reason alone, you need an outsourced IT company who is competent and highly qualified to handle your IT needs.

But how do you choose the best IT company?

Naturally, the IT needs of each individual business will vary. A medical practice will need IT assistance that specializes in privacy as well as cybersecurity because they’ll have a tremendous amount of sensitive data in their systems. On the other hand, your industry may require less focus on privacy and more focus on the particular type of software that you use.

Finding an IT company who specializes in your industry is the first step to locating optimal IT support.

Here are some other tips to keep in mind when choosing an IT support company for your business.

1. Look for experience.

As is always the case when you contract out services, you need to look for experience. It may be tempting to work with a brand-new, up and coming IT company in your area, but something as important as IT support warrants hiring a company who’s been in the business for at least a few years.

To establish that the IT companies you are considering have enough experience to get the job done right, ask to speak with their current or past clients. Also, ask for the list of credentials that their support staff possesses. These are the individuals you’ll be working with regularly, and you want to look for certifications and schooling in IT-related fields.

Lastly, make sure the experience that these companies have is related to your industry, specifically. We’ve already touched on this a bit, but it’s important to reiterate that it’s better to find an IT company who specializes in your industry than to find one who claims they can “do it all.” Many IT companies specialize in healthcare IT, transport IT, or other specific industries, which means they know and understand these industries inside and out. That’s what you want.

2. Choose a local company.

Some IT companies will claim they can take on your business from across the state or the nation. While this is possible, it’s unlikely you’ll get the level of quality service you actually deserve. It’s much better to go with a local IT company who you can work with directly.

In many situations, you’ll actually need IT support staff from your MSP (managed service provider) to come to your business for installations, troubleshooting, or network setups. This shouldn’t have to be a huge production. Having a local IT company available for quick service calls is a huge advantage.

3. Look for forward-thinking companies.

Not only do you want your IT company to focus on maintaining your current network and system structure, but you also want them to propel your business forward. Whether fast or slow, growing should be a primary concern for any business.

Some IT companies are more capable at scaling their services than others. Essentially, you want to find a company who will propel your business forward with their own IT ideas. They also need to have the employee-power and IT resources to scale your business up with ease and efficiency. As you expand, you don’t want to have to switch IT companies.

4. Make sure you can choose your level of service.

Again, needs vary where IT is concerned. You certainly do not want to pay for services you don’t need and won’t use. For this reason, look for an IT company who offers a range of service levels.

Most IT companies offer at least two or three levels of service. For example, they may offer an entry-level fee for simply monitoring your systems and alerting you as soon as possible if there’s a breach. If you require network setups, software installations, and other management services, you’ll naturally want a higher level of service. Having options is the main concern here.

No matter what IT company you choose, it’s important to take your time, and do your research. Your IT company will be one of your business’s most important assets. Hire well, and you’ll reap the benefits of easier daily operations, higher returns on investment, and ultimately, more business opportunities.

Your MacOS Is Under Attack: 2019’s Biggest Malware Threats


The Mac operating system (macOS) has frequently been hailed as one of the best systems for its resiliency to malware and typical viruses. But the days of macOS standing strong and tall with no worries have really always been a misconception. Mac systems are just as vulnerable to the beefed-up, intelligent malware threats that are out there today.

SentinelOne published a lengthy review of macOS malware at the end of 2018, but in a new release, SentinelOne also stated that there has actually been an uptick in the number of new types out there attacking users. Here is a look at some of 2019’s biggest macOS malware threats that every Mac-reliant business owner should know.

1. OSX.Siggen: A Malware Download from a Malicious Domain

Masquerading as a helpful app called WhatsApp, OSX.Siggen is actually a latched-on malware that slips in during a regular app download. WhatsApp is a fake social media platform, and the download looks super enticing when users come across it. However, once added to macOS, the app runs with a backdoor designed to take administrative control over the system.

2. KeyStealDaemon: Password Hijacker

This dirty malware showed up in February of 2019, but by June it was still running strong. Apple allowed a patch several years ago designed for another purpose, but KeyStealDaemon can create administrative privileges for itself by slipping through. Unfortunately, this malware allows the person behind the scenes to get into the system and steal pretty much any password you have stored. The good news is, if you have properly updated your system, KeyStealDaemon can be booted out because it cannot break through.

3. CookieMiner Slips In and Steals Credentials

Toward the end of January 2019, a cryptominer showed up with its own installed backdoor to induce a threatening combination of technologies to steal cryptocurrency exchange cookies and passwords for Google Chrome. The worrisome thing about CookieMiner is this: experts believe that the malware could potentially have the rare ability to bypass things like authentication processes that involve multiple factors. If CookieMiner is capable of gathering enough cookies and credentials, cryptocurrency wallets can be virtually pickpocketed right in plain sight.

4. Mokes.B Puts On a Good Act

Persistence agents running amok on your macOS with familiar names may never be spotted, especially if they are calling themselves things like Firefox, Skype, or Chrome. This is precisely how Mokes.B avoids suspicion when it latches onto the operating system in application support folders and tracking files. Mokes.B is super-scary because it can gain the ability to take actual screenshots while you are on pertinent screens, but it can also record keystrokes to steal data you are keying in.

5. A Variant of OSX.Pirrit Has Shown Up

OSX.Pirrit caused a lot of problems a few years ago, but this malware never really disappeared altogether. Instead, new family members under the old parent app are still being found on macOS, and they are not being detected as they would otherwise be when acting as OSX.Pirrit. The aim of this malware is to make money from redirect actions that occur as a result of a browser infection, but there are rumors that OSX.Pirrit is potentially capable of stealing data as well.

6. OSX.Dok Reroutes User Traffic

OSX.Dok gets into a system and installs a hidden copy of Tor on the Mac. User traffic headed for a site gets sent to an onion server instead of where it should go, which is a major problem for business owners needing to protect sensitive customer actions when they think they are on an e-commerce website. One of the scariest things about OSX.Dok is that it can steal even SSL-encrypted internet traffic. Older versions of this software were thought to be banished, but new versions continually pop up.

Even though many Mac users think they are covered by some unseen immunity from malicious software, these risks are real, and the growing 2019 list proves it. Attackers deploying these programs target easy-to-break barriers, so something like an improperly updated computer or even an unsuspecting employee can leave a business computer wide open to an attack.
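
The Mokes.B behaviour in item 4 (persistence agents borrowing names like Firefox, Skype, or Chrome while living in application support folders) can be turned into a simple review check. The following is an added example, not code from the original article or from SentinelOne; it assumes the agents are macOS LaunchAgent plists, and the sample plists, the `/Applications/` rule, and all function names are made up for illustration.

```python
import plistlib
from pathlib import PurePosixPath

# App names the article lists as borrowed by Mokes.B persistence agents.
FAMILIAR_NAMES = ("firefox", "skype", "chrome")
# Assumption: genuine copies of these apps run from an app bundle here.
EXPECTED_PREFIX = "/Applications/"


def executable_of(agent: dict) -> str:
    """Path launchd will run: Program wins, else ProgramArguments[0]."""
    if agent.get("Program"):
        return agent["Program"]
    args = agent.get("ProgramArguments") or [""]
    return args[0]


def review_agent(raw_plist: bytes) -> dict:
    """Parse one LaunchAgent plist and decide whether it needs a closer look."""
    agent = plistlib.loads(raw_plist)
    exe = executable_of(agent)
    names = f"{agent.get('Label', '')} {PurePosixPath(exe).name}".lower()
    borrowed = [n for n in FAMILIAR_NAMES if n in names]
    return {
        "label": agent.get("Label", ""),
        "executable": exe,
        "borrowed_names": borrowed,
        "in_app_support": "/Application Support/" in exe,
        "starts_at_login": bool(agent.get("RunAtLoad")),
        # Familiar name + binary outside the app bundle location = review it.
        "suspicious": bool(borrowed) and not exe.startswith(EXPECTED_PREFIX),
    }


# Constructed sample plists (not taken from any real infection).
SAMPLES = [
    plistlib.dumps({"Label": "Firefox", "RunAtLoad": True, "KeepAlive": True,
                    "ProgramArguments": ["/Users/alice/Library/Application Support/Firefox/firefox"]}),
    plistlib.dumps({"Label": "com.example.skype.helper",
                    "Program": "/Applications/Skype.app/Contents/MacOS/Skype"}),
    plistlib.dumps({"Label": "com.example.backup", "RunAtLoad": True,
                    "ProgramArguments": ["/usr/local/bin/backup", "--nightly"]}),
]


def flagged_labels(samples=SAMPLES) -> list:
    """Labels of the agents that deserve manual review."""
    return [r["label"] for r in map(review_agent, samples) if r["suspicious"]]


if __name__ == "__main__":
    for raw in SAMPLES:
        print(review_agent(raw))
```

On a real Mac the same function can be fed the bytes of each file under `~/Library/LaunchAgents`; a flagged entry is a prompt for manual review, not proof of infection.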